
Netscaler/ADC backup server for real server



Hi,

Hope someone can help....

I am busy migrating LB services from Cisco ACE to Citrix ADC/Netscaler.

So overall the migration is quite straightforward, but I do have 2 interesting challenges thus far...

One such service has something out of the ordinary.

The real servers under the services have backup real servers configured.

The idea is that if that real server (under the service) goes offline or gets overloaded the specific backup server will be used.

This works fine on the Cisco ACE, but I cannot find an easy way of doing this on ADC... any ideas please.

typical config on the ACE:

serverfarm host Serverfarm
  failaction purge
  predictor leastconns
  probe PROBE1
  rserver SRV_01
    backup-rserver SRV_07
    inservice
  rserver SRV_02
    backup-rserver SRV_07
    inservice

 

The other is about peculiar persistence. I suspect this can be done with policy type stuff...

The requirement is to have persistence from specific client IPs to specific real servers.

 

Config on the ACE:

sticky ip-netmask 255.255.255.255 address source SRV-Static
  serverfarm Serverfarm1
  8 static client source ?.?.162.2 rserver SRV_01
  16 static client source ?.?.142.42 rserver SRV_01
  24 static client source ?.?.142.49 rserver SRV_01
  32 static client source ?.?.142.52 rserver SRV_02
  40 static client source ?.?.142.56 rserver SRV_03

 

 

Please advise...

Any ideas welcome

Ciao

JC


17 minutes ago, Carl Stalhood said:

Hi Carl,

Thanks for the fast response, I understand the concept and will try and lab this. My concern is that this is not as easily done as on the ACE, and might be an issue for the Ops team...

But this is certainly something to try.

 

If I understand correctly, I need to:

1. create a service group for each real server.

2. Add both primary and backup servers to this group.

3. add normal monitor to primary server

4. add reverse monitor to 2nd server but the monitor is actually probing the primary server (and the backup servers?)

 

#4 is where you might need to comment...

What are your thoughts here?

 

I also see the reverse monitor option does not support UDP traffic...it so happens that I need UDP....

 

Ciao

JC


On 3/7/2019 at 9:46 AM, George Spiers said:

You can create LB1 vServer which has Service Group with primary server members

You can create LB2 vServer which has Service Group with backup server members

 

Edit LB1 and set LB2 as the backup vServer under 'Protection'

Hi George,

Thanks for this. I think this is basically the closest we will get to that solution. The 2 issues are that 1.) it does not truly give the same outcome, where if the specific primary server fails it will be backed up by a specific other server. Also, 2.) if we have like 10 servers in that serverfarm, the config on the NS can become quite hairy...

 

Ciao

JC


You can use Backup Vserver solution as suggested by George,

 

2LB Vserver. 1LB is main and 2LB as Backup.

This solves your 1st problem where if LB1 goes down then Lb2 will serve as backup.

 

Now you can define spillover on LB; this makes sure that if 1LB is not down but exceeds some connection limit or bandwidth limit etc., then the connection will be served by the 2nd LB.

 

More info https://www.jgspiers.com/netscaler-backup-vserver-spillover-url-redirect/

 

Also for persistence you can use Netscaler persistence feature


9 hours ago, Farhan Ali said:

You can use Backup Vserver solution as suggested by George,

 

2LB Vserver. 1LB is main and 2LB as Backup.

This solves your 1st problem where if LB1 goes down then Lb2 will serve as backup.

 

Now you can define spillover on LB; this makes sure that if 1LB is not down but exceeds some connection limit or bandwidth limit etc., then the connection will be served by the 2nd LB.

 

More info https://www.jgspiers.com/netscaler-backup-vserver-spillover-url-redirect/

 

Also for persistence you can use Netscaler persistence feature

 

Hi Farhan,

Thanks for the info. All the comments surely helped me in the right direction.

What I ended up doing is use one real server+service tied to one lb vserver, which has a backup vserver (also with only one rserver/service)...

(I only add a couple and not the whole config but you see the idea)

 

To satisfy the backup issue

 

add service GTP_01_SVC GTP_01_SRV UDP 3386 -netProfile Backend_SNIP_Pool
add service GTP_02_SVC GTP_02_SRV UDP 3386 -netProfile Backend_SNIP_Pool
add service GTP_03_SVC GTP_03_SRV UDP 3386 -netProfile Backend_SNIP_Pool
add service GTP_04_SVC GTP_04_SRV UDP 3386 -netProfile Backend_SNIP_Pool
add service GTP_05_SVC GTP_05_SRV UDP 3386 -netProfile Backend_SNIP_Pool
add service GTP_07_SVC GTP_07_SRV UDP 3386 -netProfile Backend_SNIP_Pool
add service GTP_08_SVC GTP_08_SRV UDP 3386 -netProfile Backend_SNIP_Pool
 

add lb vserver GTP_LB_VSRV_01 UDP 0.0.0.0 0 -persistenceType NONE -cltTimeout 120 -backupVServer GTP_LB_VSRV_07
add lb vserver GTP_LB_VSRV_02 UDP 0.0.0.0 0 -persistenceType NONE -cltTimeout 120 -backupVServer GTP_LB_VSRV_07
add lb vserver GTP_LB_VSRV_03 UDP 0.0.0.0 0 -persistenceType NONE -cltTimeout 120 -backupVServer GTP_LB_VSRV_07
add lb vserver GTP_LB_VSRV_04 UDP 0.0.0.0 0 -persistenceType NONE -cltTimeout 120 -backupVServer GTP_LB_VSRV_08
add lb vserver GTP_LB_VSRV_05 UDP 0.0.0.0 0 -persistenceType NONE -cltTimeout 120 -backupVServer GTP_LB_VSRV_08

 

bind lb vserver GTP_LB_VSRV_01 GTP_01_SVC
bind lb vserver GTP_LB_VSRV_02 GTP_02_SVC
bind lb vserver GTP_LB_VSRV_03 GTP_03_SVC
bind lb vserver GTP_LB_VSRV_04 GTP_04_SVC
bind lb vserver GTP_LB_VSRV_05 GTP_05_SVC
bind lb vserver GTP_LB_VSRV_07 GTP_07_SVC
bind lb vserver GTP_LB_VSRV_08 GTP_08_SVC

 

then to satisfy the specific persistent connections the below seems to work (again only a subset of the config, IPs fictitious, service for GTP...)

 

add cs vserver GTP_VIP_Class_2 UDP 10.10.10.10 3386 -state DISABLED -cltTimeout 120 -icmpVsrResponse ACTIVE


add cs action GTP_LB_01_ACT -targetLBVserver GTP_LB_VSRV_01
add cs action GTP_LB_02_ACT -targetLBVserver GTP_LB_VSRV_02
add cs action GTP_LB_03_ACT -targetLBVserver GTP_LB_VSRV_03

 

add cs policy SET_GTP_NH01 -rule "client.ip.src.eq(10.10.11.1)" -action GTP_LB_01_ACT
add cs policy SET_GTP_NH02 -rule "client.ip.src.eq(10.10.11.2)" -action GTP_LB_01_ACT
add cs policy SET_GTP_NH03 -rule "client.ip.src.eq(10.10.11.3)" -action GTP_LB_01_ACT
add cs policy SET_GTP_NH04 -rule "client.ip.src.eq(10.10.11.4)" -action GTP_LB_02_ACT
add cs policy SET_GTP_NH05 -rule "client.ip.src.eq(10.10.11.5)" -action GTP_LB_03_ACT

 

bind cs vserver GTP_VIP_Class_2 -policyName SET_GTP_NH01 -priority 100
bind cs vserver GTP_VIP_Class_2 -policyName SET_GTP_NH02 -priority 110
bind cs vserver GTP_VIP_Class_2 -policyName SET_GTP_NH03 -priority 120

 

 

Hope you get the idea...

This seems to fulfill all the client requirements, backup as well as funky persistence...

 

Thanks again for everyone's input

Ciao

JC
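
Added example (not part of the original posts): with one lb vserver per real server, the config grows into many cross-references, so a prepared batch can be checked for dangling ones before it is applied. The sketch below assumes only the command forms shown in this thread; the function names lint and opt are hypothetical, and the sample is constructed from a subset of the posted names.

```python
import shlex

# Constructed sample modelled on the subset posted above (not the full config).
SAMPLE = """
add service GTP_01_SVC GTP_01_SRV UDP 3386
add service GTP_07_SVC GTP_07_SRV UDP 3386
add lb vserver GTP_LB_VSRV_01 UDP 0.0.0.0 0 -backupVServer GTP_LB_VSRV_07
add lb vserver GTP_LB_VSRV_02 UDP 0.0.0.0 0 -backupVServer GTP_LB_VSRV_07
bind lb vserver GTP_LB_VSRV_01 GTP_01_SVC
bind lb vserver GTP_LB_VSRV_07 GTP_07_SVC
add cs action GTP_LB_01_ACT -targetLBVserver GTP_LB_VSRV_01
add cs policy SET_GTP_NH01 -rule "client.ip.src.eq(10.10.11.1)" -action GTP_LB_01_ACT
add cs policy SET_GTP_NH04 -rule "client.ip.src.eq(10.10.11.4)" -action GTP_LB_02_ACT
bind cs vserver GTP_VIP_Class_2 -policyName SET_GTP_NH01 -priority 100
"""

def opt(t, name):
    """Value following option `name` (matched case-insensitively), else None."""
    low = [x.lower() for x in t]
    return t[low.index(name.lower()) + 1] if name.lower() in low[:-1] else None

def lint(config):
    """Return sorted findings for dangling references in NetScaler CLI lines."""
    # lbs maps each lb vserver to its backup vserver name (or None)
    services, bound_pols, lbs, bound, actions, policies = set(), set(), {}, {}, {}, {}
    for line in config.splitlines():
        t = shlex.split(line)
        if len(t) < 4:
            continue
        h = [x.lower() for x in t[:3]]
        if h[:2] == ["add", "service"]:
            services.add(t[2])
        elif h == ["add", "lb", "vserver"]:
            lbs[t[3]] = opt(t, "-backupVServer")
        elif h == ["bind", "lb", "vserver"] and len(t) > 4 and not t[4].startswith("-"):
            bound.setdefault(t[3], []).append(t[4])
        elif h == ["add", "cs", "action"]:
            actions[t[3]] = opt(t, "-targetLBVserver")
        elif h == ["add", "cs", "policy"]:
            policies[t[3]] = opt(t, "-action")
        elif h == ["bind", "cs", "vserver"]:
            bound_pols.add(opt(t, "-policyName"))
    out = [f"{v}: backup vserver {b} is not defined" for v, b in lbs.items() if b and b not in lbs]
    out += [f"{v}: no service bound" for v in lbs if v not in bound]
    out += [f"{v}: has bindings but is never added" for v in bound if v not in lbs]
    out += [f"{v}: service {s} is not defined" for v in bound for s in bound[v] if s not in services]
    out += [f"{a}: target {v} is not defined" for a, v in actions.items() if v not in lbs]
    out += [f"{p}: cs action {a} is not defined" for p, a in policies.items() if a not in actions]
    out += [f"{p}: not bound to any cs vserver" for p in policies if p not in bound_pols]
    return sorted(out)
```

Calling lint(SAMPLE) reports the backup vserver that is referenced but never added, the lb vserver left without a service, and the cs policy that has no action and no binding; a policy left unbound means that client IP is not pinned to its server.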


Archived

This topic is now archived and is closed to further replies.
